
mircea_popescu: asciilifeform t1 you publish K.sign(hash(S)) ; time t2 you publish J.sign(hash(S+S')) ; time t3 you publish S and S' thus proving J knew before everyone else.
mircea_popescu: asciilifeform i don't require that len(h(x)) < len(x).
mircea_popescu: hey, you're breaking rsa over there, do some useful stuff!
mircea_popescu: the one important salient point here is that what we would really like for a hash function would be a H so that it is mathematically proven that NO j' exists so that h(s+j) = h(s+j')
mircea_popescu: still, i wouldn't say these differences allow for a strict determination.
mircea_popescu: well yes, but in my secret-k scheme the epsilon is my domain alone.
mircea_popescu: asciilifeform because he decides when you find out rsa was broken
mircea_popescu: now this said, a provably collision-resistant h might be found ; and would be amply useful.
mircea_popescu: and the problem of t3-t1 being an interval at enemy's discretion rather than your discretion remains.
mircea_popescu: this is STILL a weaker standard than "gimme s in h(s)" albeit not quite as catastrophically bad as previously thought
mircea_popescu: so he'll have to find proper salt-collision, h(s+j') = h(s+j)
mircea_popescu: so nobody cares about your S anymore because afatk, S' is S
mircea_popescu: and see the comments above re weaker standard and bad time exposure.
mircea_popescu: at time t1+e hitler publishes J' ; at time t2+e hitler publishes S'.
mircea_popescu: and t3-t1 is in his control, whereas epsilon is in mine
mircea_popescu: also enemy has t3-t1 to fish for the pair ; as opposed to epsilon
mircea_popescu: this is a much weaker standard of failure for h than "here's h(s) tell me s"
mircea_popescu: at t1.5 hitler deedbots J', at t2.5 hitler deedbots S' so that hash(s'+j') = hash(s+j)
mircea_popescu: asciilifeform your scheme is actually dead in the water because between t2 and t3 enemy can deedbot in your name.
mircea_popescu: because of the whole "array of keys" thing, it'd actually allow jumping over dead rsa
mircea_popescu: the correct pill to all of this being, of course, gossipd.
mircea_popescu: well yes, because it implements a sort of single-message kludge.
mircea_popescu: in general "collapsed cryptosystem" reduces one to a "either you have time-order and single-message or else you restart from scratch".
mircea_popescu: suppose for safety of this scheme, ? is made so that create-key takes a day.
mircea_popescu: this however is a necessary assumption (seen in t1 t2 etc) and not escapable in the current paradigm.
mircea_popescu: this system presumes there's such a thing as ordering of events.
mircea_popescu: J.sign("Here's the laydown : 1. rsa got fucked, this is the process to extract privkey from pubkey ; 2. message so-and-so on deedbot was created by so-hashing this salt and this pubkey ; 3. this here key J was created by using cryptosystem ? with rng = privkey.K, which guarantees i am the one that made it ; 4. please use this here J' in future")
mircea_popescu: i don't. the point is to prove K-J continuity , not to retain sole control of J
mircea_popescu: well no, i just publish the fingerprint. as per t2 = rsa broken, it then follows one can extract privkey.K from K
mircea_popescu: then at t2+epsilon when i publish k you extract privkey.K from it and check that J was made by create-key(privkey.K)
mircea_popescu: and if it further has a create-key() which seems more dubious, but is it allowable ?
mircea_popescu: so if ? has a encrypt() and decrypt() which seems like a safe proposition
mircea_popescu: because the only one who could make j is the one who at t1 owned privkey.L
mircea_popescu: i publish k, you a) verify it hash-salts to same value and b) encrypt to it
mircea_popescu: in this scheme, hash has to be epsilon-strong and that's all.
mircea_popescu: which is why yours and this are equivalent (they depend on the strength of hash function)
mircea_popescu: asciilifeform but he has to also break the salted hash
mircea_popescu: at t2+epsilon, everyone can verify K-J continuity ; at t2 only breaker of rsa can verify.
mircea_popescu: t2+epsilon : i publish key J in cryptosystem ? which was created with entropy = privkey.K
mircea_popescu: t1 : i make rsa key K ; don't share it with anyone. i publish hash(salt+pubkey.K)
mircea_popescu: this doesn't matter so much, future cryptosystem will be made on the basis of rng ; rng can work with pubkey as entropy source.
mircea_popescu: asciilifeform for one thing, unpublished key is a simpler variant. create secret key K, salt-and-hash K, publish K. at later point divulge K. verification is one step and passive for you.
mircea_popescu: asciilifeform maybe. somehow subjectively this is never perceived the same way.
mircea_popescu: depends. at 14 you prolly care about all the nude classmates you got there.
mircea_popescu: there are no absolutes here. better and worse are entirely undefined.
mircea_popescu: i dunno, pretend not to notice, see who tries to scam you ? eat their babies for dessert ?
mircea_popescu: but yeah, mutual masturbation with phuctor not a bad idea, if it can be done somehow so it doesn't make the ensemble more friable.
mircea_popescu: trinque any hope for wotpaste pubkey to deedbot directly ?
mircea_popescu: asciilifeform the whole thing was centered around "third and above degree effects, such as the social behaviour of "war""
mircea_popescu: can come in handy, if you're for instance repressing men-talking-about-women-and-society-their-own-way.
mircea_popescu: PeterL word. you can also induce them through masturbation ; and the process can result in a slight increase in amniotic fluid.
mircea_popescu: so you'd have expected them to ; romania was an ally after all ; and they did hit the oilfields.
mircea_popescu: however - the easy access petroleum, as well as copper, iron etc was hit first.